Amazon Data Breach, Work Details of Employees Stolen in Cyber Attack
Tech giant Amazon has confirmed the compromise of work details of employees through a third-party vendor. The data breach was the result of MOVEit vulnerabilities exploitation.
After a threat actor known as “Nam3l3ss” revealed more than 2.8 million lines of data stolen from Amazon by posting it on BreachForums, a hacking site, the tech giant Amazon has also confirmed the employee data stolen through a third-party vendor. Adam Montgomery, spokesperson of Amazon, has confirmed the Amazon data breach news in a statement to TechCrunch.
Montgomery’s Statement
Montgomery in his statement said, “Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”
Threat Actor Nam3l3ss
A person operating under the username, Nam3L3ss emerged as a significant character in cybercrime landscape. Nam3l3ss has exploited MOVEit vulnerabilities and recently posted over more than 2.8 billion lines of Amazon employee data on BreachForums, along with other major organizations, approximately 25, like HP, Lenovo, McDonalds, etc.
Threat actor Nam3l3ss claimed, “What you have seen so far is less than .001% of the data I have. I have 1,000 releases coming never seen before.”
Image Source: https://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/
MOVEit
MOVEit is a file transfer software produced by Ipswitch Inc.. Nam3l3ss has exploited a critical vulnerability in MOVEit to expose the employee data from major organizations worldwide.
Stolen Amazon Employee Data
The data which was compromised during this include employee work contact information, i.e. email address, desk phone number and building location. However, Amazon refused to expose the number of employees affected by this breach.
